Overview

overview

10

Static

static

3

Vuodneyx.exe

windows7-x64

10

Vuodneyx.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Vuodneyx.exe

  • Size

    664KB

  • Sample

    230727-jmm7cabe98

  • MD5

    f07259a0cd92a6c0640ff1acd0d1a54d

  • SHA1

    270cc877c9b6571ec2b5c593dfba4f8ea4c5c966

  • SHA256

    cfd11acb2343bcc79e51f5c9db8443e901894d7580b430aecf8338a71cf624de

  • SHA512

    6d134f7121ebc3b4a53164c1be21b5428dad5c3dd24336398a9e07c933ca42387f498e93beeb61c9274683e497a781839a5b97404f14c3cfe1363e09b1116f28

  • SSDEEP

    12288:RCsgkm2i2+G9fQ17xbNQ2aD68JzLiZ0A7zM7AJ6c7M3aXf5DhPvZi:wsZM7bQ2ebhyPzMk4c7fv5Dh3

Score
10/10
bitrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

208.67.104.96:1234

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Targets

    • Target

      Vuodneyx.exe

    • Size

      664KB

    • MD5

      f07259a0cd92a6c0640ff1acd0d1a54d

    • SHA1

      270cc877c9b6571ec2b5c593dfba4f8ea4c5c966

    • SHA256

      cfd11acb2343bcc79e51f5c9db8443e901894d7580b430aecf8338a71cf624de

    • SHA512

      6d134f7121ebc3b4a53164c1be21b5428dad5c3dd24336398a9e07c933ca42387f498e93beeb61c9274683e497a781839a5b97404f14c3cfe1363e09b1116f28

    • SSDEEP

      12288:RCsgkm2i2+G9fQ17xbNQ2aD68JzLiZ0A7zM7AJ6c7M3aXf5DhPvZi:wsZM7bQ2ebhyPzMk4c7fv5Dh3

    Score
    10/10
    bitrattrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks